Typebot · 4mo ago
Himmig

Typebot & Supabase JWT

Hi team, I am trying to achieve the following:

✅ Only allow users to start a new Typebot session if they have a valid Supabase JWT. This is working by adding a jwt variable to the flow, including it as a prefilled variable when calling the embed script and calling the /auth/user Supabase endpoint at the beginning of the flow. I then either show a “you are not authorised” message or the chat starts.

❔ Continue existing chat (using session id in embed script) if user provides the correct Supabase JWT. I might be mistaken but I don’t see any way to protect an existing session in the same way? Ideally, before showing the chat history and continuing, I would like to check the supplied Supabase JWT again. Is that possible somehow?

Cheers 🙂
3 Replies
Baptiste · 4mo ago
Not sure I understand the second case here: "Continue existing chat (using session id in embed script) if user provides the correct Supabase JWT." Can you provide more info on the context? When does this happen exactly?
Himmig (OP) · 3mo ago
We will save all the Typebot session ids a user has had into our Supabase database. When they select one they should be able to continue the session. However, using only the session id would not be very secure, hence I would like to find a way to check the JWT again to make sure the user opening the session should have access to it.

Any ideas, Baptiste? Having a way to embed Typebot and authenticate the user (not via separate auth but via SSO or secure headers) would be a great feature too. In the meantime, some way of protecting the session from being replaced with another session (potentially exposing sensitive data) is what we are trying to do.
Baptiste · 3mo ago
Yes, it would be nice to authorize the conversation. No way to do that for now!
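
Added example, not part of the thread and not Typebot or Supabase code: since the thread ends with no built-in way to authorize a resumed conversation, one option is for the application's own backend to verify the JWT and check the stored session-id-to-user mapping before it hands a session id to the embed script. It verifies the token locally instead of calling the auth endpoint, and assumes an HS256 token signed with a shared secret and a `sub` claim holding the user id; the function names, secret and session table are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Verify an HS256 JWT; return its claims, or null if it must be rejected.
function verifyJwt(token, secret, nowSec) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm: the token's own "alg" never selects the check.
  if (header?.alg !== "HS256") return null;
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims?.exp !== "number" || claims.exp <= nowSec) return null;
  if (typeof claims.sub !== "string" || claims.sub === "") return null;
  return claims;
}

// Release a session id only if it is recorded for the JWT's user.
function authorizeResume(token, sessionId, secret, ownerOf, nowSec) {
  const claims = verifyJwt(token, secret, nowSec);
  if (!claims) return { ok: false, reason: "invalid_jwt" };
  // Same answer for unknown and foreign sessions, so ids cannot be probed.
  if (ownerOf(sessionId) !== claims.sub) return { ok: false, reason: "not_found" };
  return { ok: true, sessionId };
}

// Constructed sample data standing in for the session table in the database.
const SECRET = "constructed-test-secret";
const NOW = 1700000000;
const SESSIONS = new Map([["sess-a1", "user-1"], ["sess-b2", "user-2"]]);
const ownerOf = (id) => SESSIONS.get(id);

// Test helper: mint a token the way the auth server would (constructed).
function signForTest(claims, secret = SECRET, alg = "HS256") {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg, typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${crypto.createHmac("sha256", secret).update(body).digest("base64url")}`;
}

const mine = signForTest({ sub: "user-1", exp: NOW + 60 });
console.log(authorizeResume(mine, "sess-a1", SECRET, ownerOf, NOW));
console.log(authorizeResume(mine, "sess-b2", SECRET, ownerOf, NOW));
```

This gate only controls which session ids the application releases to a given user; it does not add authorization to the Typebot session itself.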
